OB-1.1.12

A PISP must establish procedures to ensure:

(a) that it will not store a customer's personalised security credentials, such as the customer’s KYC and biometric information, and that such data are:
i. not accessible to other parties, with the exception of the issuer of the credentials; and
ii. transmitted through safe and efficient channels;
(b) that any other information about a customer is not provided to any person except a payee, and is provided to the payee only with the customer's explicit consent;
(c) that each time a PISP initiates a payment order on behalf of its customer, the PISP identifies itself to the licensee with whom the customer maintains the account in a secure way;
(d) [This Sub-paragraph was deleted in July 2021];
(e) that it will not access, use or store any information for any purpose except for the provision of a payment initiation service explicitly requested by a payer; however, it may store payment details initiated by the customer such as payment amounts, payment accounts, payment reference number, payment execution dates, time and payee’s IBAN number;
(f) that it cannot and does not change the amount, the payee or any other feature of a transaction notified to it by the customer; and
(g) that any data accessed and stored is encrypted in transit and at rest and must not be accessible to any unauthorised person within the licensee’s organisation.
Amended: July 2021
Added: December 2018